28 lines
684 B
Markdown
28 lines
684 B
Markdown
# CSE4303 Introduction to Computer Security (Lecture 4)
|
|
|
|
## Network attacks
|
|
|
|
### Examining the transport layer
|
|
|
|
#### Transmission Control Protocol (TCP)
|
|
|
|
Connection-oriented, preserves order
|
|
|
|
- Sender
|
|
- Break data into packets
|
|
- Attach packet numbers
|
|
- Receiver
|
|
- Acknowledge receipt; lost packets are resent
|
|
- Reassemble packets in correct order
|
|
|
|
#### Security Problems
|
|
|
|
1. Network packets pass by untrusted hosts
|
|
- Eavesdropping, packet sniffing
|
|
- Especially easy when attacker controls a machine close to victim (e.g. WiFi routers)
|
|
2. TCP state easily obtained by eavesdropping
|
|
- Enables spoofing and session hijacking
|
|
3. Denial of Service (DoS) vulnerabilities
|
|
|
|
|